
WHAT IS CLAIMED IS: 



1 1 . A method performed by a custodian to share a secret S among n secret 

2 owners, the method comprising the steps of: 

3 choosing two large primes P and Q\ 

4 computing a product N = PQ\ 

5 computing a product M= CP-1)(Q-1); 

6 choosing n random numbers q x through q n that are relatively prime to M\ 

7 determining a number d such that a product of q x through q n and d mod M 

8 equals one; 

9 computing S d ; 

10 distributing n secret owner pieces to each of the n secret owners, wherein each 

44 of the secret owner pieces includes Sf* and one of the numbers q x through q n \ and 
K deleting the secret S 9 P, Q, M, q x through q n , and d. 

Ml 2. A method as in claim 1, the method further comprising the steps of: 

y2 receiving a first of the n secret owner pieces from one of the n secret owners; 

Q and 

\A computing and storing S' = S? g mod JV, where q represents the one of the 

3 numbers q x through q n contained in the first of the n secret owner pieces. 

1 3. A method as in claim 2, the method further comprising the steps of: 

2 receiving a second of the n secret owner pieces from another one of the n 

3 secret owners; 

4 computing mod N, where q represents the one of the numbers q } through 

5 q n contained in the second of the n secret owner pieces; and replacing S' with S"? mod N. 

1 4. A method as in claim 3, further comprising the step of: 

2 each time another of the secret owner pieces is received from another one of the n secret 

3 owners; 
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4 computing mod N 9 where q represents the one of the numbers q x through 

5 q n contained in another of the n secret owner pieces; and replacing S' with S* 1 mod N. 

1 5. A method performed by a custodian to share a secret S among n secret 

2 owners, the method comprising the steps of: 

3 choosing two large primes P and Q\ 

4 computing a product TV = PQ\ 

5 computing a product M~ (P-\)(Q-l); 

6 choosing w+1 random numbers q x through q„ and d' that are relatively prime 

7 toM; 

8 determining a number d such that a product of q x through q n , d\ and d mod M 
^ equals one; 

computing 5** ; 

Brt distributing n secret owner pieces to each of the n secret owners, wherein each 

IS of the secret owner pieces includes 5^ and one of the numbers q x through q n \ and 
H~3 deleting the secret S, P, Q, M, q x through q n , and d. 

%A 6. A method as in claim 5, the method further comprising the steps of: 

2 receiving a first of the n secret owner pieces from one of the n secret 

1=6 owners; and 

4 computing and storing 5" = Sf* q mod N 9 where q represents the one of the 

5 numbers q l through q n contained in the first of the n secret owner pieces. 

1 7. A method as in claim 6, the method further comprising the steps of: 

2 receiving a second of the n secret owner pieces from another one of the n 

3 secret owners; 

4 computing S* 1 mod N, where q represents the one of the numbers q x through 

5 q n contained in the second of the n secret owner pieces; and 

6 replacing S ' with S * mod N. 
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8. A method as in claim 7, further comprising the step of: 

each time another of the secret owner pieces is received from another one of 
the n secret owners; 

computing S mod N, where q represents the one of the numbers q x through 
q n contained in the another of the n secret owner pieces; and 

replacing S' with S* 1 mod N. 



9. A method as in claim 8, further comprising the steps of: 
after all n secret owner pieces has been received; 
computing S mod N\ and 
replacing S* with S** mod N. 



10. A method performed by a custodian to share a secret S among n secret 
owners such that any k of the n secret owners may reconstruct the secret, the method 
comprising the steps of: 

choosing two large primes P and Q, such that PQ is greater than S\ 

computing and storing a product N = PQ; 

computing and storing a product M — (P- 1 )(Q- 1 ); 

choosing n random numbers e x through e n that are relatively prime to TV; 
choosing another random number e that is relatively prime to N\ 
choosing n numbers dj through d n such that eidi mod M equals one for 

1 < i < n ; 

choosing another number d such that e d mod M is equal to one; 



generating and storing a database of 



values, where each value is the 



product of d and a unique k of the dt numbers for 1 < i < n ; 
deleting P 9 Q, and M\ 
computing iS*; 

distributing n secret owner pieces to each of the n secret owners, wherein each 
of the secret owner pieces includes and one of the numbers e } through e n \ and 
deleting the secret S and e x through e n , e, d x through d„, and d. 
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1 1 1 . A method as in claim 10, the method further comprising the steps of: 

2 receiving a first of the n secret owner pieces from one of the n secret owners; 

3 and 

4 computing and storing 5" = S^mod N, where f represents the one of the 

5 numbers e, through e n contained in the first of the n secret owner pieces. 



1 12. A method as in claim 11, the method further comprising the steps of: 

2 receiving a second of the n secret owner pieces from another one of the n 

3 secret owners; 

4 computing mod N> where q represents the one of the numbers e } through 
J> e n contained in the second of the n secret owner pieces; and replacing S* with S** mod N. 

•jj 13. A method as in claim 12, further comprising the step of: 

f~2 each time another of the secret owner pieces is received from another one of 

= 3 the n secret owners; 

\j4 computing S** mod TV, where q represents the one of the numbers e x through 

]J5 e n contained in the another of the n secret owner pieces; and replacing S* with mod N. 

1 14. A method as in claim 13, further comprising the steps of: 

2 after k secret owner pieces have been received, 



retrieving from the database a value c from among the 



values, wherein the 



4 value c corresponds to the k secret owner pieces that were received by the custodian; 

5 computing S* mod N\ and 

6 replacing S ' with S * mod N. 

1 1 5. A method performed by a custodian to share a secret S among n secret 

2 owners such that any k of the n secret owners may reconstruct the secret, the method 

3 comprising the steps of: 
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# # 

4 choosing two large primes P and Q, such that PQ is greater than S; 

5 computing and storing a product N = PQ; 

6 computing and storing a product M = (P- 1 1 ); 

7 choosing n random numbers e x through e n that are relatively prime to N\ 

8 choosing random numbers e and e ' that are relatively prime to N; 

9 choosing n numbers d x through d n such that mod M equals one for 

10 \<i<n\ 

1 1 choosing numbers d and d' such that ed mod M is equal to one and such that 

12 e'rf' mod M is equal to one; 

(A 

13 generating and storing a database of I I values, where each value is the 

14 product of d and a unique k of the di numbers for 1 < / < n ; 
Ji$ deleting P, Q, and Af; 

WS computing $f e ; 

distributing n secret owner pieces to each of the n secret owners, wherein each 

Sj5 of the secret owner pieces includes Sf* and one of the numbers e x through e n \ and 

"fb deleting the secret S and e x through e„ 9 e, d x through d n , and d. 

lA 16. A method as in claim 15, the method further comprising the steps of: 

H> receiving a first of the n secret owner pieces from one of the n secret owners; 

3 and 

4 computing and storing S' = mod N, where f represents the one of the 

5 numbers e x through e n contained in the first of the n secret owner pieces. 

1 17. A method as in claim 16, the method further comprising the steps of: 

2 receiving a second of the n secret owner pieces from another one of the n 

3 secret owners; 

4 computing S* 7 mod N, where q represents the one of the numbers e x through 

5 e n contained in the second of the n secret owner pieces; and replacing S ' with S* 1 mod N. 

1 18. A method as in claim 17, further comprising the step of: 



24 



2 each time another of the secret owner pieces is received from another one of 

3 the n secret owners; 

4 computing mod N, where q represents the one of the numbers e l through 

5 e n contained in the another of the n secret owner pieces; and replacing S' with mod N. 

1 19. A method as in claim 18, further comprising the steps of: 

2 after k secret owner pieces have been received, 



retrieving from the database a value c from among the 



values, wherein the 



4 value c corresponds to the k secret owner pieces that were received by the custodian; 

5 computing S * mod TV; 

JS replacing S 1 with S * mod TV; 

computing S** mod N; and 
y8 replacing S ' with S d mod N. 



Ul 20. A method performed by a custodian to share a secret among n secret 

C? owners such that any k of the n secret owners may reconstruct the secret, the method 

f% comprising the steps of: 

M- encrypting the secret so as to generate an encrypted secret; 

□5 deleting the secret; and 

6 performing a forward k out of n secret sharing algorithm on the encrypted 

7 secret so as to generate n secret owner pieces. 

1 21 . A method as in claim 20, further comprising the step of: 

2 distributing the n secret owner pieces to the n secret owners. 

1 22. A method as in claim 21, further comprising the step of: 

2 receiving k secret owner pieces from k secret owners. 

1 23. A method as in claim 22, further comprising the step of: 
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2 performing a reverse k out of n secret sharing algorithm on the k secret owner 

3 pieces so as to recreate the encrypted secret. 

1 24. A method as in claim 23, further comprising the step of: 

2 decrypting the encrypted secret so as to recreate the secret. 

1 25. A method as in claim 20, wherein the step of performing a forward k 

2 out of n secret sharing algorithm includes the steps of: 

3 dividing the encrypted secret into k pieces; and 

4 performing n polynomial evaluations at n points of a degree-^ polynomial 

5 using the k pieces of the encrypted secret as polynomial coefficients; 

Q? wherein each of the k secret owner pieces includes a result of one of the n 

~tR polynomial evaluations and a corresponding one of the n points. 

pl 26, A method as in claim 25, further comprising the steps of: 

^2 distributing the n secret owner pieces to the n secret owners; 

3 receiving k secret owner pieces from k secret owners; and 

yp- performing a reverse k out of n secret sharing algorithm on the k secret owner 

jjj pieces so as to recreate the encrypted secret; wherein the step of performing a reverse k out of 

M5 n secret sharing algorithm includes the steps of generating a system of k linear equations and 

7 solving the system of k linear equations for the k pieces of the encrypted secret. 

1 27. A method as in claim 26, further comprising the step of: 

2 assembling the A: pieces of the encrypted secret so as to recreate the encrypted 

3 secret; and 

4 decrypting the encrypted secret so as to recreate the secret. 

1 28. A computer readable storage medium having embodied thereon 

2 computer readable program code suitable for programming a computer to perform a method 

3 performed by a custodian to share a secret S among n secret owners, the method comprising 

4 the steps of: 
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5 choosing two large primes P and Q; 

6 computing a product N = PQ\ 

7 computing a product M= CP-1)(£?-1); 

8 choosing n random numbers q x through q n that are relatively prime to M\ 

9 determining a number d such that a product of q x through q n and d mod M 

1 0 equals one; 

1 1 computing 5^ ; 

12 distributing n secret owner pieces to each of the n secret owners, wherein each 

13 of the secret owner pieces includes S* and one of the numbers q x through q n ; and 

14 deleting the secret 5, P, Q, M, q x through q n , and d. 

£j 29. A computer readable storage medium having embodied thereon 

^2 computer readable program code suitable for programming a computer to perform a method 

U5 performed by a custodian to share a secret S among n secret owners, the method comprising 
the steps of: 

fS choosing two large primes P and Q\ 

3 6 computing a product N = PQ; 

lif computing a product M = (P- 1 )(£?- 1 ); 

f8 choosing n+l random numbers q x through q n and d ' that are relatively prime to 

10 determining a number d such that a product of q x through q n , d \ and d mod M 

1 1 equals one; 

12 computing^; 

13 distributing n secret owner pieces to each of the n secret owners, wherein each 

14 of the secret owner pieces includes and one of the numbers q x through q„; and 

15 deleting the secret S, P, Q, M, q x through q n , and d. 

1 30. A computer readable storage medium having embodied thereon 

2 computer readable program code suitable for programming a computer to perform a method 

3 performed by a custodian to share a secret S among n secret owners such that any k of the n 

4 secret owners may reconstruct the secret, the method comprising the steps of: 
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1 < i < n : 



choosing two large primes P and Q, such that PQ is greater than S; 
computing and storing a product N = PQ; 
computing and storing a product M = (P-l)(Q-l); 

choosing n random numbers e x through e n that are relatively prime to N; 
choosing another random number e that is relatively prime to TV; 
choosing n numbers d x through d„ such that ddi mod M equals one for 

choosing another number d such that ed mod Mis equal to one; 



generating and storing a database of 



values, where each value is the 



product of d and a unique k of the </, numbers for \ <i <n \ 
deleting P, Q, and M; 
computing Sf; 

distributing n secret owner pieces to each of the n secret owners, wherein each 
of the secret owner pieces includes iS* and one of the numbers e x through e n ; and 
deleting the secret S and e x through e n , e, d l through d n , and d. 



3 L A computer readable storage medium having embodied thereon 
computer readable program code suitable for programming a computer to perform a method 
performed by a custodian to share a secret S among n secret owners such that any k of the n 
secret owners may reconstruct the secret, the method comprising the steps of: 

choosing two large primes P and Q, such that PQ is greater than S; 

computing and storing a product N = PQ; 

computing and storing a product M— (P-\){Q-\); 

choosing n random numbers e x through e„ that are relatively prime to N; 
choosing random numbers e and e ' that are relatively prime to TV; 
choosing n numbers d x through d„ such that mod M equals one for 

1 < / < n ; 

choosing numbers d and d ' such that ed mod M is equal to one and such that 
e i d t mod M is equal to one; 
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14 generating and storing a database of values, where each value is the 

W 

1 5 product of d and a unique k of the d i numbers for 1 < i < n ; 

1 6 deleting P, Q, and M; 

1 7 computing ; 

1 8 distributing n secret owner pieces to each of the n secret owners, wherein each 

19 of the secret owner pieces includes Sf e and one of the numbers e x through e n \ and 

20 deleting the secret S and e x through e n , e, d x through d n , and d. 

1 32. A computer readable storage medium having embodied thereon 

2 computer readable program code suitable for programming a computer to perform a method 
rf performed by a custodian to share a secret among n secret owners such that any k of the n 
St secret owners may reconstruct the secret, the method comprising the steps of: 

US encrypting the secret so as to generate an encrypted secret; 

y§ deleting the secret; and 

f7 performing a forward k out of n secret sharing algorithm on the encrypted 

s 8 secret so as to generate n secret owner pieces. 

H 33. A computer comprising a processor and a computer readable storage 

U2 medium coupled to the processor having embodied thereon processor readable program code 

3 suitable for programming the computer to perform a method performed by a custodian to 

4 share a secret S among n secret owners, the method comprising the steps of: 

5 choosing two large primes P and Q; 

6 computing a product N = PQ; 

1 computing a product M = (P- 1 )(Q- 1 ); 

8 choosing n random numbers q x through q n that are relatively prime to M\ 

9 determining a number d such that a product of q x through q n and d mod M 

1 0 equals one; 

1 1 computing S^; 

12 distributing n secret owner pieces to each of the n secret owners, wherein each 

13 of the secret owner pieces includes iS^ and one of the numbers q x through q n \ and 
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14 deleting the secret S, P 9 Q, M, q x through q„, and d. 

1 34. A computer comprising a processor and a computer readable storage 

2 medium coupled to the processor having embodied thereon processor readable program code 

3 suitable for programming a computer to perform a method performed by a custodian to share 

4 a secret S among n secret owners, the method comprising the steps of: 

5 choosing two large primes P and Q; 

6 computing a product N = PQ\ 

7 computing a product M = (P- 1 )(Q- 1 ); 

8 choosing n+\ random numbers q x through q n and d' that are relatively prime to 

9 M\ 

l£) determining a number d such that a product of q x through q n , d\ and d mod M 

H equals one; 

Wl computing 5^; 

i3 distributing n secret owner pieces to each of the n secret owners, wherein each 

Jf| of the secret owner pieces includes 5^ and one of the numbers q x through q n \ and 

15 deleting the secret S, P, Q, M, q x through q m and d, 

3 35. A computer comprising a processor and a computer readable storage 

medium coupled to the processor having embodied thereon processor readable program code 

3 suitable for programming a computer to perform a method performed by a custodian to share 

4 a secret S among n secret owners such that any k of the n secret owners may reconstruct the 

5 secret, the method comprising the steps of: 

6 choosing two large primes P and Q, such that PQ is greater than S; 
1 computing and storing a product N = PQ\ 

8 computing and storing a product M = CP-1)(£>-1); 

9 choosing n random numbers e x through e n that are relatively prime to N; 

1 0 choosing another random number e that is relatively prime to Af; 

1 1 choosing n numbers d x through d n such that e,*/,- mod M equals one for 

12 1 </</*; 

1 3 choosing another number d such that ed mod M is equal to one; 
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14 generating and storing a database of 



values, where each value is the 



1 5 product of d and a unique k of the rf, numbers for 1 < i < n ; 

1 6 deleting P, Q, and M\ 

1 7 computing 5*; 

1 8 distributing n secret owner pieces to each of the n secret owners, wherein each 

19 of the secret owner pieces includes Sf and one of the numbers e x through e n \ and 

20 deleting the secret S and e x through e n , e, d x through d n , and d. 



1 36. A computer comprising a processor and a computer readable storage 

2 medium coupled to the processor having embodied thereon processor readable program code 
__3 suitable for programming the computer to perform a method performed by a custodian to 

yj4 share a secret S among n secret owners such that any k of the n secret owners may reconstruct 

f^5 the secret, the method comprising the steps of: 

W6 choosing two large primes P and Q, such that PQ is greater than S; 

lZ7 computing and storing a product N = PQ; 

^8 computing and storing a product M — (P- 1 )(Q- 1 ); 

C9 choosing n random numbers e x through e n that are relatively prime to N; 

§Lb choosing random numbers e and e ' that are relatively prime to vV; 

JQ choosing n numbers d x through d„ such that e$i mod M equals one for 

T2 \<i<n\ 

1 3 choosing numbers d and d ' such that ed mod M is equal to one and such that 

14 e'd' mod M is equal to one; 



1 5 generating and storing a database of 



values, where each value is the 



1 6 product of d and a unique k of the di numbers for \<i<n\ 

1 7 deleting P 9 Q, and M; 

1 8 computing ; 

19 distributing n secret owner pieces to each of the n secret owners, wherein each 

20 of the secret owner pieces includes $f e and one of the numbers e x through e n \ and 

21 deleting the secret S and e x through e n , e, d x through d n , and d. 
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1 37. A computer comprising a processor and a computer readable storage 

2 medium coupled to the processor having embodied thereon processor readable program code 

3 suitable for programming the computer to perform a method performed by a custodian to 

4 share a secret among n secret owners such that any k of the n secret owners may reconstruct 

5 the secret, the method comprising the steps of: 

6 encrypting the secret so as to generate an encrypted secret; 

7 deleting the secret; and 

8 performing a forward k out of n secret sharing algorithm on the encrypted 

9 secret so as to generate n secret owner pieces. 
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